(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(19) World Intellectual Property Organization
International Bureau

(43) International Publication Date
10 January 2002 (10.01.2002)

PCT

(10) International Publication Number
WO 02/03214 A1



(51) International Patent Classification: G06F 15/00, H04Q 7/38

(21) International Application Number: PCT/CN00/00364

(22) International Filing Date: 27 October 2000 (27.10.2000)
(25) Filing Language: English
(26) Publication Language: English



(30) Priority Data:
60/216^1      6 July 2000 (06.07.2000)          US
60/223,466    7 August 2000 (07.08.2000)        US
09/675315     29 September 2000 (29.09.2000)    US



(71) Applicant (for all designated States except US): CHEUNG KONG
(HOLDINGS) LIMITED [CN/CN]; Cheung Kong Centre, 7th floor, 2 Queen's
Road Central, Hong Kong (CN).

(72) Inventor; and
(75) Inventor/Applicant (for US only): TSUh Chilcon^ [GB/CN]; 27 B Yuton
Cotut, 2 Conduit Road, Hong Kong (CN).

(74) Agent: CHINA PATENT AGENT (H.K.) LTD.; Great Eagle Centre, 22/F,
23 Harbour Road, Wanchai, Hong Kong (CN).

(81) Designated States (national): AE, AL, AM, AT, AU, AZ, BA, BB, BG,
BR, BY, CA, CH, CN, CR, CU, CZ, DE, DK, EE, ES, FI, GB, GD, GE, GH, GM,
HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU,
LV, MA, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI,
SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW.

(84) Designated States (regional): ARIPO patent (GH, GM, KE, LS, MW, MZ,
SD, SL, SZ, TZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU,
TJ, TM), European patent (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR,
IE, IT, LU, MC, NL, PT, SE), OAPI patent (BF, BJ, CF, CG, CI, CM, GA,
GN, GW, ML, MR, NE, SN, TD, TG).

Published:
- with international search report

For two-letter codes and other abbreviations, refer to the "Guidance
Notes on Codes and Abbreviations" appearing at the beginning of each
regular issue of the PCT Gazette.

(54) Title: CERTIFICATION SYSTEM

(57) Abstract: A method, system, and apparatus for implementing a technique for approving a transaction in a secure manner in an



WO 02/03214                                              PCT/CN00/00364

CERTIFICATION SYSTEM

BACKGROUND OF THE INVENTION

This invention relates to a method, system, and apparatus for providing
security, confidentiality, and authenticity for networked transactions.

Currently, several encryption/decryption standards for e-commerce exist to
give legal binding effect to transactions. For example, the Public Key
Infrastructure (PKI) uses public keys for encryption and digital signatures to
provide for confidentiality of information, authentication of actors, integrity of
data, non-repudiation of actions, and access control. One example is the PKI
service platforms deployed by VeriSign of Mountain View, California.
Detailed information about PKI architecture by VeriSign and other vendors can
be found in The VeriSign World Trust PKI Architecture, VeriSign White Paper
#98-05, 1998, and in VeriSign Public-Key Infrastructure—Enterprise Key
Management, VeriSign White Paper #98-02, 1998, both of which are
incorporated herein by reference. Other encryption/decryption standards
include the Data Encryption Standard (DES) and the Secure Sockets Layer (SSL).
The features of encryption/decryption standards establish the environment of
confidence and trust required for electronic business transactions. However,
there are additional Internet transaction security problems that need to be
considered. The following are some examples of the drawbacks of the current
system.

Firstly, there are difficulties for the Certificate Authority (CA) to perform
real time certificate verification. Most CAs can only recognize whether the
certificate is valid, but there is a time lag in updating the revocation list.

Secondly, when a holder loses his/her authentication information, for
example a password or a private key, it is difficult for the certification authority
to accept a loss report by telephone call. Therefore, the holder must appear in
person at the CA to ensure that the report of loss is genuine. The problem can
become worse if there is a long holiday.

Thirdly, if the holder is out of town, it becomes extremely difficult to report a
loss. Prior to reporting, an imposter may impersonate the holder of the
authentication information online.

Fourthly, because of the above, it is very dangerous to use a digital signature to
conduct transactions involving large amounts of money. Therefore, most CAs
will only accept liability up to a predetermined amount.

Lastly, it is inconvenient for most users to implement
encryption/decryption standards on their personal computers.

Therefore, there is a need for a certification system to solve the
above-mentioned drawbacks.

SUMMARY

The present invention is a confirmation system that covers purchases,
transactions, or any business interactions, whether over the Internet, through the
use of a computer, PDA, phone (be it Wireless Application Protocol (WAP),
mobile or wired phone) or in a face-to-face situation.

Regardless of how, where, or when the sale is conducted, the sale can be
directly confirmed by the purchaser through means such as a fixed-line phone,
mobile or WAP phone, PDA, pager, or any wireless application means or
computer by sending a voice message, data message, key punching, PIN or
password, whether using PKI, fingerprint authorization, eyeball recognition
technology or voice recognition technology, to a process center. The process
center may store the purchaser's information including the purchaser's personal
information, communication network address or telephone number of the
purchaser for confirmation use. The confirmation may also be sent to the
merchant directly, thus providing identification, authorization as well as an
alerting function to the merchant and customer.

The present invention can be combined with a payment gateway in the
back end of the entire process, greatly tightening the security regarding payment in
an e-commerce situation. The present invention is applicable to B2B, B2C, C2C
or Government to Business or Consumer (G2B or G2C) e-commerce transactions.

In general, in one aspect, the Certification System ("CS") is the system
designed to use wireless internet technology to improve security in internet
transactions. The CS authenticates the registered users in an e-commerce or
regular transaction using a wireless internet protocol. For example, the
Wireless Application Protocol (WAP) is an open, global specification that
empowers mobile users with wireless devices to easily access and interact with
information and services instantly. An overview discussion of the WAP
technology can be found in Unwiring the Web: Building Dynamic WAP
application with ColdFusion by Azhar, the entire disclosure of which is herein
incorporated by reference. A user of the CS can confirm Internet transactions
with legal binding effect.

In another aspect, this invention is about the method and system of
confirming a transaction, whether face-to-face or electronic, by checking user
identification information against user authentication information. User
identification can be sent from a user to a processing center. This can be sent
directly or through a third party. The processing center looks up other
commercial information associated with the user identification information, and
generates a confirmation message. The user confirms the transaction by sending
user authentication information in response to the confirmation message. In
one implementation of the invention, this confirmation message comprises a
dynamically generated mobile key including a randomly generated number or an
alphanumeric string. The user sends back authentication information by
affirming the receipt of the confirmation through the phone or through a terminal.
This terminal can be the same as the terminal through which the user
identification information is sent, or it can be a different terminal. In another
implementation of the system, the confirmation message comprises an encrypted
message using a public key. The authentication information from the user
would be a decrypted message by the use of the private key of the public key-
private key pair. The generation, management, and maintenance of the public
key-private key pair can be done by software provided by a number of providers,
such as the RSA BSAFE by RSA Laboratories of Bedford, Massachusetts, or the
Hongkong Post e-Cert Certificate by the Hong Kong Post. Detailed
information about such software products is available in PKCS #1 v2.1: RSA
Cryptography standard, or in the Explanatory Notes accompanying the
application for Hongkong Post e-Cert Certificate, both documents are
incorporated herein by reference.

In another aspect, the invention is about the method and apparatus
associated with a processing center which hosts commercial information
associated with registered users. Upon receiving identification information
associated with registered users, the processing center generates a confirmation
message to be sent to the user at a stored communication network address.
Upon receiving the confirmation message, the user sends back information
authenticating that s/he indeed initiated a transaction. The processing center
then verifies that the user authentication information matches the user
identification information, and issues an approval for the transaction.

Details of one or more embodiments of the invention are set forth in the
accompanying drawings and the explanatory description provided below.
These embodiments are for illustrative purposes only and the principles of the
invention can be implemented in other embodiments. Other features and
advantages of the invention will become apparent from the following description
and drawings.

FIG. 1 is an overview diagram of an on-line shopping payment
confirmation system implemented in accordance with the principles of the
invention.

FIG. 2 is a flow chart illustrating the execution steps of the implementation
illustrated in FIG. 1.

FIG. 3A is an exemplary database for customer-related information stored
in a processing center; FIG. 3B is an exemplary database for merchant-related
information stored in the processing center; FIG. 3C is an exemplary database
for transaction-related information stored at the processing center; FIG. 3D is an
exemplary database for actions taken within a transaction.

FIG. 4 illustrates a credit card payment scheme implemented in
accordance with the principles of the invention.

FIG. 5 illustrates an invoice presentment and settlement scheme
implemented in accordance with the principles of the invention.

FIG. 6 illustrates an Internet purchase scheme using the dynamic
authentication system implemented in accordance with the principles of the
invention.

FIG. 7 illustrates a transfer of fund between accounts using the dynamic
authentication system implemented in accordance with the principles of the
invention.

FIG. 8 is a screen shot of an exemplary user terminal serving as an entry
point for a virtual shopping mall implementing the features of the invention.

FIG. 9 is a screen shot of an exemplary user confirmation terminal for
receiving confirmation messages from the processing center in accordance with
the principles of the invention.

Like parts in different figures are identified by like numbers.

DETAILED DESCRIPTION

According to the principles of the invention and in one implementation,
the CS comprises a center (also called a processing center) responsible for
handling certificate issuance, revocation and verification. In one
implementation of the system, the certificate comprises two parts: user
identification information and user authentication information.

The user identification information comprises information that identifies
the user and can include, for example, a userid, a public key, and user's name.

The user authentication information comprises information used to verify
that the transacting party is the user identified by the user identification
information, as opposed to an imposter. The user authentication information
can comprise, for example, a password, a message decrypted by a private key, or
mother's maiden name.

Referring to FIG. 1, the user's authentication tools such as the private key
are stored, in one implementation, in the user's confirmation terminal 150. The
terminal 150 can comprise any electronic data input/output interface such as a
computer system, notebook, notepad, electronic organizer, palm top, cellular
phone, pager, or personal digital assistant. The private key in one
implementation is the private key of a public key-private key pair issued by a
certificate authority according to the X.509 specification. The public key is stored
at the center 130, and the private key is stored at confirmation terminal 150. In
one implementation of the invention, if the user already has a key certificate
and his/her own public/private key pair, the center 130 will simply register and
store the information. If the user does not have a key pair, the center can also
issue one. The private key can be loaded into confirmation terminal 150 by
proprietary software, such as that supplied by the Hong Kong Post for example,
if confirmation terminal 150 is a personal computer. If the confirmation
terminal 150 is a WAP phone, the private key can be loaded onto the phone by
wireless application tools such as the enhanced SIM card platform GemXplore
Trust by Gemplus of Cedex, France, or other similar smart card-based
applications. Methodology for developing smart card-based applications is
explained in Developing Smart Card-Based Applications Using Java Card by
Jean-Jacques Vandewalle and Eric Vetillard, the entire disclosure of which is
incorporated herein by reference. Private keys can also be password-protected
at confirmation terminal 150 for additional security.

The user's terminal 100 is either associated with or can access data sent to
a communication network address. In one implementation of the system, the
user terminal 100 is used to send user identification information. A
communication network address comprises an address in a communication
network system, or transaction system, 180. Within communication network
system 180 information is passed back and forth between terminals and centers
and other nodes through the use of the Internet (or other similar global networks),
public switched telephone network, or public land mobile network. Within
network system 180 data can be sent to and accessed by the user. A
communication network address can include, for example, a phone number,
email address, or an Internet Protocol address.

In one implementation, the user's terminal 100 is a public terminal accessible
to more than just the user. In another implementation, the user's terminal is the
same as confirmation terminal 150. In one implementation, all user
authentication activities should go through the user's terminal 100 for security
purposes. The user authentication information may be protected by an
additional password to prevent an imposter with access to the user's terminal 100
from using the authentication information. If the user loses the user's terminal
100, the user should report to the Center 130 immediately. Following the
report, the communication network address and user authentication information
can be terminated, thereby preventing an imposter from impersonating the user.

In addition to the user's identification data, all personal data such as the
user's credit card number, user's name, communication network address or bank
accounts are stored in the database server located at the Center 130. Users
only need the user id or the customer id to transact.

In one implementation of the invention, verbal confirmation can be achieved
within system 180 wherein the user terminal 100 is configured to receive voice
input from the user. In this case, the user can answer the confirmation with
his/her voice through user terminal 100. The voice clip together with
authentication information will be sent to the Center 130 to do the matching.

All transaction records are stored in servers 132 and 134 at the Center 130.
An exemplary transaction record 370 is illustrated in FIG. 3C. Transaction 370
comprises, among others, customer id 302, merchant code 354, date 374, time
376, transaction amount 372, and transaction number 382. The items included
in record 370 can vary for the various implementations of the invention without
deviating from the spirit of the invention. In particular, date 374 refers to the
date of the transaction, time 376 refers to the time of the transaction, and transaction
amount 372 represents the amount of the transaction. In one implementation, the
maximum amount allowed per transaction is predetermined and cannot be
exceeded. Each transaction number 382 may be associated with one or more
action items listed in activities log 330 of FIG. 3D. For example, the center can
define action codes as follows:

1 for place order
2 for confirmation of purchase by customer
3 for cancel a transaction
4 for ask for payment approval
5 for grant payment approval
6 for seek the approval from the bank
7 for grant approval by the bank
8 for ask for order/payment confirmation
9 for confirm the transaction by the center

Suppose that a customer with a value of 100001 for customer id 302
makes a purchase from his terminal 100 at 10:30 a.m. on 6/9/2000. This message
was received by the Center 130 immediately through the merchant named
DEMO 110. The center 130 then sends a message to the customer's device 150.
The customer could give confirmation to the center at 11:00. Then, the center
130 asked the payment approval from the bank. Finally, the center would give
final confirmation to the merchant to finish the transaction. In this case, the
following records are written on the database under activities-log 330 as:

Date (332) = 20000906
Time (334) = 1030
Action-code (336) = 1
Action-details (338) = 100001 place order to merchant DEMO
Transaction-number (382) = 1234567
Merchant-code (354) = DEMO

Date (332) = 20000906
Time (334) = 1040
Action-code (336) = 4
Action-details (338) = DEMO ask for payment confirmation
Transaction-number (382) = 1234567
Merchant-code (354) = DEMO

Date (332) = 20000906
Time (334) = 1641
Action-code (336) = 8
Action-details (338) = The center ask 100001 for payment confirmation
Transaction-number (382) = 1234567
Merchant-code (354) = DEMO

Date (332) = 20000906
Time (334) = 1100
Action-code (336) = 2
Action-details (338) = 100001 confirmed the purchase
Transaction-number (382) = 1234567
Merchant-code (354) = DEMO

Date (332) = 20000906
Time (334) = 1101
Action-code (336) = 8
Action-details (338) = The center ask the bank for payment approval
Transaction-number (382) = 1234567
Merchant-code (354) = DEMO

Date (332) = 20000906
Time (334) = 1102
Action-code (336) = 5
Action-details (338) = The bank granted the payment approval
Transaction-number (382) = 1234567
Merchant-code (354) = DEMO

Date (332) = 20000906
Time (334) = 1102
Action-code (336) = 9
Action-details (338) = The center confirm the transaction to DEMO
Transaction-number (382) = 1234567
Merchant-code (354) = DEMO

All above actions should be associated with transaction 1234567 as an entry in
transaction record 370 as:

customer-id (302) = 100001
transaction-number (382) = 1234567
merchant-code (354) = DEMO
tx-amount (372) = 1567
tx-date (374) = 20000906
tx-time (376) = 1102

In one implementation, there will be no record written in transaction record
370 if the transaction has not been completed. Transaction number 382 refers
to a unique transaction number associated with each transaction and is used to
cross-reference record 370 and log 330. In one implementation, all transactions
will have legal binding effect on all the involved parties; the Center 130 will be
authorized to provide online services to computer users and merchants who need
online transaction confirmation for legal purposes.
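
How activities log 330 and transaction record 370 can be cross-referenced through the transaction number, as an added Python example that is not part of the patent text. The SQLite schema, the function names, the rule that a record is written only after action codes 2 and 9 are logged without a cancel, and the sample rows (constructed, modelled on the worked example above) are assumptions.

```python
import sqlite3

SCHEMA = """
CREATE TABLE activities_log (              -- log 330
    date TEXT NOT NULL, time TEXT NOT NULL,
    action_code INTEGER NOT NULL CHECK (action_code BETWEEN 1 AND 9),
    action_details TEXT NOT NULL,
    transaction_number TEXT NOT NULL,
    merchant_code TEXT NOT NULL);
CREATE TABLE transaction_record (          -- record 370
    customer_id TEXT NOT NULL,
    transaction_number TEXT PRIMARY KEY,
    merchant_code TEXT NOT NULL,
    tx_amount INTEGER NOT NULL,
    tx_date TEXT NOT NULL, tx_time TEXT NOT NULL);
"""
# Action codes taken from the center's list above.
CUSTOMER_CONFIRMED, CANCELLED, CENTER_CONFIRMED = 2, 3, 9


def open_center_db():
    """In-memory stand-in for the center's database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def log_action(db, date, time, code, details, tx, merchant):
    """Append one action to the activities log."""
    db.execute("INSERT INTO activities_log VALUES (?,?,?,?,?,?)",
               (date, time, code, details, tx, merchant))


def actions_for(db, tx):
    """Action codes logged for one transaction, in the order they happened."""
    rows = db.execute(
        "SELECT action_code FROM activities_log WHERE transaction_number = ? "
        "ORDER BY date, time, rowid", (tx,))
    return [r[0] for r in rows]


def complete_transaction(db, customer_id, tx, merchant, amount, date, time):
    """Write the transaction record only for a completed transaction.

    Assumed completion rule: the customer confirmed (2), the center then
    confirmed (9), and nobody cancelled (3).
    """
    codes = actions_for(db, tx)
    if (CANCELLED in codes or CUSTOMER_CONFIRMED not in codes
            or CENTER_CONFIRMED not in codes):
        return False
    if codes.index(CUSTOMER_CONFIRMED) > codes.index(CENTER_CONFIRMED):
        return False
    db.execute("INSERT INTO transaction_record VALUES (?,?,?,?,?,?)",
               (customer_id, tx, merchant, amount, date, time))
    return True


def audit(db):
    """Transaction records that have no customer confirmation in the log."""
    rows = db.execute("""
        SELECT r.transaction_number FROM transaction_record r
        WHERE NOT EXISTS (
            SELECT 1 FROM activities_log a
            WHERE a.transaction_number = r.transaction_number
              AND a.action_code = 2)
        ORDER BY r.transaction_number""")
    return [r[0] for r in rows]


def demo():
    db = open_center_db()
    day = "20000906"
    # Constructed trail using the same sequence of action codes as the
    # worked example: 1, 4, 8, 2, 8, 5, 9.
    trail = [("1030", 1, "100001 place order to merchant DEMO"),
             ("1040", 4, "DEMO ask for payment confirmation"),
             ("1041", 8, "The center ask 100001 for payment confirmation"),
             ("1100", 2, "100001 confirmed the purchase"),
             ("1101", 8, "The center ask the bank for payment approval"),
             ("1102", 5, "The bank granted the payment approval"),
             ("1102", 9, "The center confirm the transaction to DEMO")]
    for time, code, details in trail:
        log_action(db, day, time, code, details, "1234567", "DEMO")
    ok = complete_transaction(db, "100001", "1234567", "DEMO", 1567, day, "1102")
    # A second order the customer never confirmed: no record may be written.
    log_action(db, day, "1200", 1, "100001 place order to merchant DEMO",
               "1234568", "DEMO")
    log_action(db, day, "1201", 8, "The center ask 100001 for payment confirmation",
               "1234568", "DEMO")
    refused = complete_transaction(db, "100001", "1234568", "DEMO", 900, day, "1215")
    # A record inserted without any log trail is what the audit should flag.
    db.execute("INSERT INTO transaction_record VALUES "
               "('100001', '1234569', 'DEMO', 5000, '20000906', '1300')")
    return ok, refused, audit(db)


if __name__ == "__main__":
    print(demo())
```
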

Numerous implementations of the invention are possible. A network
provider can provide infrastructure for communication purposes to multiple
parties. For example, bankers can join as registered users to provide online
banking services. Credit card companies can use this system to communicate
with cardholders to confirm transactions, thus alleviating the risk of fraudulent
transactions caused by lost cards. In a Business-to-Customer or Business-to-
Business situation, the center 130 can provide regular statements to the
customers and the merchants in respect of the completed transactions using the
CS. This will ease the administrative workload of the merchants and provide
checking services to the customers and merchants to help merchants/customers
detect early any abuse by their employees/friends who are in charge of/have the
merchants'/customers' authentication information. These various
implementations of the principles of the invention will be illustrated in the other
drawings.

FIG. 1 is an overview diagram of an on-line shopping payment confirmation
system ("OLSPCS") 180, a system implemented in accordance with the
principles of this invention. Under the OLSPCS 180, a customer may make a
purchase via a public network with the following steps. The user first selects
(step 1) merchant 110 and goods via a public network connection through a
user terminal 100. A user terminal comprises a number of electronic
communication devices listed above, or it can also comprise a face-to-face
interaction. Once the selection is made, the user identification information is
submitted (1) to the merchant 110, which then sends (2) the user's identification
information, user's name and/or other identification information to the center
130.

The center 130 will check against the database to see if it is a valid user or if
the user is in the revocation list. Exemplary customer information for each
registered user is illustrated in table 300 in FIG. 3A. Relevant customer
information comprises customer ID 302, customer phone number 304, mobile
phone number 306, e-mail address 308, bank name 310 listing the customer's
preferred transaction bank, bank account number 312, address 316, credit card
type 318 listing the preferred credit card specified by the customer, credit card
number 320, status 322 indicating the registered user's status as valid or
revoked, and an expiration date 324, reflecting the expiry date for the registration
period of the center. Merchant information is also stored at center 130, as
illustrated in table 350 in FIG. 3B, including merchant code 354, merchant's
account number 356, and the amount limit, such as per transaction, 358. The
contents of tables 300, 330, 350, and 370 can be any combination, subset, and/or
superset of the various types of information listed above without deviating from
the spirit of the invention.

If the user identification information corresponds to a valid user, the center
130 will send (3) a confirmation message to the customer at the
communication network address associated therewith, using a communication
network such as via satellite 140, to ask if he/she will approve the payment.
The customer receives the confirmation message at a confirmation terminal
150. In one implementation, the confirmation terminal 150 is different from the
user terminal 100. In another implementation, the confirmation terminal 150 is
the user terminal 100. In yet another implementation, the customer may receive
the confirmation at the confirmation terminal 150, but authenticates him/herself
at the user terminal 100. Of course the customer can also receive confirmation
and return authentication at confirmation terminal 150 in other implementations
of the invention.

The customer chooses either approval or rejection verbally or otherwise
through the user terminal 150. The reply is then returned (4) to the Center 130
through the same or different network. In one implementation, the
confirmation terminal 150 is a wireless WAP; in other embodiments the
confirmation terminal 150 comprises a regular cell phone, a pager, a computer, a
fixed line phone, or a number of other possible electronic devices. The customer
is required to supply their authentication information to ensure their
identification. Once the center 130 receives the customer's payment approval,
it will check if the user authentication information matches previous user
authentication information. In one implementation of the invention, each user
should have a unique mobile key issued by the center, comprising, for example,
a randomly generated number or an alphanumeric string. A unique key will be
generated by the center for each transaction. The customer will use this key to
confirm the transaction with a transaction number by calling or otherwise
communicating the information back to center 130, such as by entering and
sending the randomly generated number constituting the unique key through user
terminal 100. After verification, the center 130 will send (5) a request for
payment approval with the customer credit card information to the bank hub 120.

The bank hub 120 will grant (6) approval for payment to the merchant 110
through Center 130. Center 130 confirms (7) payment with merchant 110,
which arranges (8) for goods delivery to the user. In one implementation,
merchant 110 instructs the center 130 to issue a digital receipt and to send the
digital receipt to the user using the communication network address.

FIG. 2 is a flow chart of operation steps involved in transaction
system 180. Although not shown here in the flow chart, as a preliminary step,
registration of users should be conducted. User id and other commercial user
information should be loaded and stored at Center 130 before a transaction starts.
The users start by providing their user identification information (box 20). The
bank or bank hub 120 or merchant 110 receives the user identification
information and forwards it to the center 130, also known as the Service Provider
(SP) or processing center (box 22). The center 130 then receives the user
identification information and performs the validation process according to
information stored in the database (box 24). If the user identification information
does not correspond to a valid user (box 26), it is rejected and the database is
updated (box 36). If the user identification information corresponds to a valid
user, a confirmation message is sent to the confirmation terminal 150 using the
communication network address (box 28). The user will then access the
confirmation message using confirmation terminal 150, which may be identical
to user terminal 100 in some implementations, and reply using the user
authentication information (box 30). In one implementation, each customer
should have a private key to do the authentication. In another implementation,
the customer can do the authentication by a dynamic key which is generated by
the center 130. Optionally, a table called "customer-policy" may be added to
specify authentication policies for each customer. The detailed items are as
follows:

Customer-id
Action-code
From-tx-amt
To-tx-amt
Effective-date
Termination-date

With this table, a customer can define a set of rules for the center to execute
verification accordingly.

If the user authentication information does not match the user identification
information (box 32), the transaction is rejected and the database is updated (box
36). Else, the center 130 checks to see if the user approved the payment. If
yes, a confirmation is sent to the bank 120 or merchant 110 (box 38). Else, it is
rejected (box 34) and the database is updated (box 36). In one implementation,
the database is updated periodically at every checkpoint.

Exemplary and specialized implementations of transaction system 180 for
certain specific uses are illustrated below:

Credit Card Payment Confirmation

Referring to FIG. 4, in the case of a normal credit card payment the credit
card holder can also use this service. The center 130 will have a
pre-arrangement with credit card companies which is in connection with credit card
center 410. Once a merchant swipes the credit card to ask for payment
authorization in a face-to-face, telephone transaction, or other types of electronic
transaction situation 400, the credit card number will be sent (42) to the credit
card center 410. For those credit card companies facilitating this service, they
can send the user identification information to the center 130 to ask (44) for
payment approval. Center 130 uses the user identification information to
retrieve the communication network address and then send (45) dynamic
confirmation information comprising a dynamic key, encrypted message, or the
like. In this case, the center will check with the customer-policy table to
determine which action should be taken. Suppose the customer defines that only those
transactions exceeding HK$10,000 should obtain approval before processing. If
the current transaction amount is less than HK$10,000, the center may only issue
acknowledgement to the customer. Otherwise, a dynamic key with transaction
number will be issued to the customer for payment approval purpose to the
customer's confirmation terminal 150 over a communication network using the
user's communication network. The user can confirm (46) payment over the
same communication network by approving or declining payment. If the
purchase is confirmed (47) via center 130, a credit card payment receipt will then
be issued (48) for signing by the customer in location 400. If the center receives
a negative signal or if no signal is received by center 130 within a predetermined
period of time, for example 10 minutes, no credit card payment receipt will be
issued by the credit card center (410). The foregoing illustrates an advantage of
one embodiment of the invention enabling the customer to be alerted in real-time
that their credit card is being used. The risk of lost cards is thereby reduced.

In other embodiments of the invention, the customer can confirm the
payment by the user terminal 100 or other terminal. If the customer gives
confirmation by phone 150, the center 130 will have a system to answer the call
automatically and store all reply information such as transaction number and the
dynamic authentication information to the database, such as in activities log 330.

In yet another embodiment of the invention, center 130 can also implement
different levels of authorization as per the request of each user or customer. For
example, a user can specify that a simple notification or confirmation message is
enough for those transactions below US$100. If the transaction amount is
greater than US$10,000, the user may desire the highest secured authorization
procedures. For example, the center will request the user to provide a digital
signature using a private key to confirm the transaction.

Bill Presentment & Settlement

Customers and merchants can settle all bills through this system. First of
all, customers must register each bill's information, such as merchant code,
account number and settlement bank account number, into the system.
Referring to FIG. 5, those merchants who are members of center 130 can send
(50) billing information 500 comprising monthly bills to the center 130 through
the Internet instead of by postal service. The center 130 then will inform (52)
customers at confirmation terminal 150 that the bills have been received, and
the total amount is indicated through the mobile operator or the pager operator
or any communication network operator as specified by the customers. Dynamic
authentication information with the bill transaction number is also sent to
the user's communication network address. If the user wants to see the details
of a bill, they can get detailed information through the Internet. At the same
time, he/she can settle the bill by replying (3) to the center 130 with the
corresponding dynamic authentication information by confirmation through the
user terminal 100 or confirmation terminal 150 comprising the customer's mobile
phone, PC or any communication network or the like. Once the confirmation is
received by the center 130, the center 130 will instruct (54) the client's bank
120 to settle the bill accordingly. Settled bills will be returned (55) to
merchants.

Dynamic Authentication Information

It is noted that PKI is user-unfriendly and can still be stolen by others.
Therefore, in another implementation, dynamic authentication information is
used to confirm the transaction.

Referring to FIG. 6, when a customer registered with center 130 wants to
make a purchase, whether through the Internet or in face-to-face situations,
s/he is only required to supply (61) user identification information to the
merchant 110. The merchant 110 then will send (62) this user identification
information to the center 130. Based on this user identification information,
the center 130 can retrieve all information about the customer, such as banking
information and communication network address, such as those listed in table
300. Center 130 can also check (65) with credit card center 410 and receive
(66) approval. The center 130 will generate a unique key for confirmation
purposes. Center 130 forwards (63) such information to the customer using the
communication network address. The dynamic authentication information
comprises, for example, a key or password. When the customer receives the
dynamic authentication information through the communication network address at
confirmation terminal 150, which may comprise a mobile phone, WAP phone,
fixed-line phone, pager or other similar devices, s/he uses user terminal 100 or
any terminal to confirm (64) the purchase and payment over a communication
network. The center will check against the database. If the dynamic
authentication information received from confirmation terminal 150 matches,
the payment will be confirmed (67) with merchant 110 to deliver (68) purchased
goods. Because the dynamic authentication information will be generated for
every transaction, it offers protection against being stolen and provides an
extra level of security to electronic transactions.
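The per-transaction key flow of FIG. 6, combined with the customer-policy
threshold and the 10-minute timeout described earlier for FIG. 4, can be modelled
as follows. This is an added example, not code from the specification: the class
and field names, the 6-digit key format, the message strings and the three-try
limit are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CONFIRM_WINDOW_S = 10 * 60  # the page's example window: 10 minutes


@dataclass
class Pending:
    user_id: str
    key: str
    expires_at: float
    attempts_left: int = 3  # assumption: the page sets no retry limit


class ProcessingCenter:
    """Hypothetical model of center 130: customer table, policy table, pending keys."""

    def __init__(self, addresses, thresholds, clock=time.time):
        self.addresses = addresses    # user id -> communication network address
        self.thresholds = thresholds  # user id -> amount from which approval is required
        self.clock = clock
        self.pending = {}             # transaction number -> Pending
        self.outbox = []              # (address, message) sent to the confirmation terminal

    def request_approval(self, user_id, amount):
        """Called with the user identification forwarded by the merchant or card center."""
        address = self.addresses[user_id]  # an unregistered user id raises KeyError
        txn = secrets.token_hex(8)
        if amount < self.thresholds.get(user_id, 0):
            # Below the customer's threshold: acknowledgement only, no key issued.
            self.outbox.append((address, f"NOTICE txn={txn} amount={amount}"))
            return txn, "acknowledged"
        key = f"{secrets.randbelow(10**6):06d}"  # fresh random key for this transaction only
        self.pending[txn] = Pending(user_id, key, self.clock() + CONFIRM_WINDOW_S)
        self.outbox.append((address, f"CONFIRM txn={txn} amount={amount} key={key}"))
        return txn, "awaiting_confirmation"

    def confirm(self, txn, user_id, key, approve=True):
        """Check the user's reply; every path except a timely exact match is a decline."""
        entry = self.pending.get(txn)
        if entry is None:
            return "declined"             # unknown, already used, or acknowledgement-only
        if self.clock() > entry.expires_at:
            del self.pending[txn]         # no signal within the window
            return "declined"
        same_user = hmac.compare_digest(entry.user_id.encode(), user_id.encode())
        same_key = hmac.compare_digest(entry.key.encode(), key.encode())
        if not (same_user and same_key):
            entry.attempts_left -= 1
            if entry.attempts_left <= 0:
                del self.pending[txn]     # stop online guessing of a 6-digit key
            return "declined"
        del self.pending[txn]             # single use: a replayed key finds nothing
        return "approved" if approve else "declined"


if __name__ == "__main__":
    # Constructed sample data: one customer who wants approval from 10,000 upward.
    center = ProcessingCenter({"user-001": "sms:+000-0000-0000"}, {"user-001": 10_000})
    txn, status = center.request_approval("user-001", 25_000)
    key = center.pending[txn].key  # in practice read off the confirmation terminal
    print(status, center.confirm(txn, "user-001", key))
```

The key only adds security if the confirmation channel is separate from the
channel the purchase was made on; binding it to one transaction number, one
user and a short lifetime is what makes an intercepted key useless afterwards.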
Other possible implementations of the invention include, but are not limited
to, the following:



Referring to FIG. 7, when a user wants to do a fund transfer from his bank A
account (785) to an account of another bank (775) through cyber banking, the
user can supply (71) the user identification information to bank A 785 through
the Internet banking program. The user is not required to input their account
number in this case.

The bank A 785 will transmit (75) the user identification information to the
center 130 and expect a confirmation from the center 130. Based on the user
identification information, the center 130 retrieves the user's communication
network address from the database and then sends (73) the request for
confirmation to the user using the communication network address over the
communications network associated therewith. The user answers (74) the
confirmation with the user authentication information.

The center 130 will check the user authentication information with the
previous user identification information and/or confirmation to see if they
match. An approval will be sent (72) to the bank A 785 via the communication
network after certificate validation. The bank A then takes action (76) with
respect to bank B 775 accordingly with the confirmation from the user. Other
than funds transfer amongst different banks, this application will facilitate
the customer to buy shares through his brokers without first manually depositing
monies to his broker's account but just transferring the monies electronically.
This approach offers the advantage of conducting sale and purchase of shares
through a number of brokers rather than restricting the customer to one broker
for provision of securities services.

Order Confirmation

Yet another implementation of this invention entails the following. It is not
uncommon that the merchant will give credit to its old customers. Meanwhile,
there should be some form of confirmation from customers to acknowledge the
issuance of an order via the online shopping system.

When the customer takes an order through the online system, he/she will be
required to confirm the purchase order with a digital signature. Therefore,
he/she first needs to supply his/her user identification information to the
merchant.

The merchant transmits order information with user identification
information to the processing center via public network. The processing center
will perform validation procedures and then transmit information via a
communications network to the customer's communication network address and
ask for confirmation.

The customer then checks the order information from his/her user terminal
and then issues a confirmation with user authentication information to the
processing center. The processing center will give the merchant the purchase
confirmation. This confirmation should have legal binding effect on both
parties.

When the merchant arranges for delivery, an instruction will be given to the
processing center to issue a credit note to the purchase.

In general, in summary, the merchant receives an order from a customer via
the communications network operator (which stores the personal information of
the purchaser and acts as process center) the transaction information to seek
confirmation from the purchaser. The communications network operator sends
a message with the generated key, for confirmation purposes, to the customer's
designated terminal (for example, mobile phone). The purchaser, upon
receiving the message from its designated terminal, may then use any kind of
device to confirm the transaction with the merchant. This validation procedure
can prevent any unauthorized purchase made by a person other than the
purchaser.

FIG. 8 illustrates a virtual shopping mall as it appears on a screen of user
terminal 100. In one implementation, the items offered for sale comprise
mobile phones 700, 710, 720, and 730. The user may select the product s/he
wishes to purchase by entering the product in dialog box 740, using a pull-down
menu or keyboard input or other input means. The user needs to provide userid
or Login ID in box 760, and provide e-mail address in 750. The user then
clicks button 770 to proceed with the transaction. The items already in the
electronic shopping cart can be viewed by clicking button 780.

FIG. 9 illustrates a sample confirmation message 800 as it appears on
confirmation terminal 150. With different types of authentication methods,
different types of confirmation messages will be generated. For example, if the
authenticating tool is a private key of a public-private key pair supported by
standard PKI, the confirmation message will be a message encrypted by the
public key, which message the user will use the corresponding private key to
decrypt, and the decrypted message will be returned as authentication
information. The confirmation terminal 150 is shown as a wireless phone in
this implementation, but may be other types of electronic interactive devices in
other implementations.

The above system and its associated programs may be associated in a
computer-readable medium or any article of manufacture that contains data that
can be read by a computer or a carrier wave signal carrying data that can be read
by a computer. For example, this invention may be distributed on magnetic
media, such as a floppy disk, flexible disk, hard disk, reel-to-reel tape,
cartridge tape and cassette tape; optical media such as CD-ROM and the like;
and/or paper media such as paper tape; or carrier wave signal received through
a network, wired or wireless, or modem, including various types of signals.

The above embodiments of the invention are for illustrative purposes only.
Many widely different embodiments of the present invention may be adopted
without departing from the spirit and scope of the invention. Those skilled in
the art will recognize that the method and structures of the present invention
have many applications, and that the present invention is not limited to the
specific embodiments described in the specification and should cover
conventionally known variations and modifications to the system components
described herein.

What is claimed is:

1. A method for approving a transaction over a computer network, said
method comprising:

forwarding user identification information to a processing center for an
approval of the transaction;

retrieving a communication network address associated with the user
identification information;

transmitting a confirmation to the communication network address; and

receiving user authentication information from the communication
network address.

2. The method of claim 1, further comprising:

determining if the user authentication information corresponds to the user
identification information.

3. The method of claim 2, further comprising:

generating the approval for the transaction at the processing center.

4. The method of claim 2, wherein the transmitting step further
comprises:

generating an encrypted message using a public key, stored at the
processing center, associated with the user identification information as the
confirmation message.

5. The method of claim 2, wherein the transmitting step further comprises:

generating a dynamic mobile key comprising a randomly generated
number as the confirmation message.

6. The method of claim 4, wherein the user authentication information
comprises a decrypted message using a private key corresponding to the public
key constituting a public key-private key pair.

7. The method of claim 5, wherein the user authentication information
comprises a verbal affirmation of the randomly generated number delivered
through a phone line of a publicly switched telephone network.

8. A computer-readable medium carrying one or more sequences of
instructions for confirming a transaction electronically, wherein execution of the
one or more sequences of instructions by one or more processors cause the one
or more processors to perform the steps of:

forwarding user identification information to a processing center for an
approval of the transaction;

retrieving a communication network address associated with the user
identification information;

transmitting a confirmation to the communication network address; and

receiving user authentication information from the communication
network address.

9. The computer-readable medium of claim 8, wherein the one or more
sequences of instructions further comprise instructions to cause the one or more
processors to perform the step of:

determining if the user authentication information corresponds to the user
identification information.

10. The computer-readable medium of claim 9, wherein the one or more
sequences of instructions further comprise instructions to cause the one or more
processors to perform the step of:

generating the approval for the transaction at the processing center.

11. The computer-readable medium of claim 9, wherein the transmitting
step further comprises:

generating an encrypted message using a public key, stored at the
processing center, associated with the user identification information as the
confirmation message.

12. The computer-readable medium of claim 9, wherein the transmitting
step further comprises:

generating a dynamic mobile key comprising a randomly generated
number as the confirmation message.

13. The computer-readable medium of 11, wherein the user
authentication information comprises a decrypted message using a private key
corresponding to the public key constituting a public key-private key pair.

14. The computer-readable medium of 12, wherein the user
authentication information comprises a verbal affirmation of the randomly
generated number delivered through a phone line of a publicly switched
telephone network.

15. A method for approving a transaction in a communication network,
said method comprising:

forwarding user identification information of a first party from the first
party to a second party;

retrieving a communication network address associated with the user
identification information at a processing center;

generating a confirmation message at the processing center and
forwarding the confirmation message to the communication network address;

in response to the confirmation message, generating dynamic
authentication information by the first party;

returning the dynamic authentication information to the processing
center;

verifying the dynamic authentication information against the
confirmation message; and

generating an approval for the transaction.

16. The method of claim 15, wherein the communication network address
comprises an e-mail address.

17. The method of claim 15, wherein the forwarding step is transmitted
from a personal computer.

18. The method of claim 15, wherein the forwarding step is transmitted
from a personal digital assistant.

19. The method of claim 15, wherein the dynamic authentication
information is returned from a WAP (Wireless Application Protocol) phone.

20. The method of claim 15, wherein the dynamic authentication
information is returned from a personal computer.



21. A computer-readable medium carrying one or more sequences of
instructions for confirming a transaction electronically, wherein execution of the
one or more sequences of instructions by one or more processors cause the one
or more processors to perform the steps of:

forwarding user identification information of a first party from the first
party to a second party;

retrieving a communication network address associated with the user
identification information at a processing center;

generating a confirmation message at the processing center and
forwarding the confirmation message to the communication network address;

in response to the confirmation message, generating dynamic
authentication information by the first party;

returning the dynamic authentication information to the processing
center;

verifying the dynamic authentication information against the
confirmation message; and

generating an approval for the transaction.

22. The computer-readable medium of claim 21, wherein the
communication network address comprises an e-mail address.

23. The computer-readable medium of claim 21, wherein the
forwarding step is transmitted from a personal computer.

24. The computer-readable medium of claim 21, wherein the
forwarding step is transmitted from a personal digital assistant.

25. The computer-readable medium of claim 21, wherein the dynamic
authentication information is returned from a WAP (Wireless Application
Protocol) phone.

26. The computer-readable medium of claim 21, wherein the dynamic
authentication information is returned from a personal computer.

27. An electronically connected system for approving a transaction in a
communication network, comprising:

a processing center for receiving user identification information from a
first party, said center including a database for retrieving a communication
network address associated with the user identification information for receiving
a confirmation; and

a first terminal associated with said communication network address for
transmitting user authentication data to the processing center in response to
receipt of the confirmation at the communication network address.

28. The system of claim 27, wherein the first terminal comprises a
WAP phone.

29. The system of claim 27, wherein the first terminal comprises a
pager.

30. The system of claim 27, wherein the first terminal comprises a
phone wired to a public-switched telephone network.

31. The system of claim 27, wherein the first terminal forwards the user
identification information to the processing center.

32. The system of claim 27, further comprising a second terminal for
transmitting the user identification information.

33. The system of claim 32, wherein the second terminal comprises a
PC.

34. The system of claim 32, wherein the second terminal comprises a
mobile phone.

35. The system of claim 27 or claim 32, wherein the user authentication
data comprises a dynamically generated decrypted message.

36. The system of claim 27, wherein the user authentication data
comprises a password.

37. The system of claim 27, wherein the processing center matches the
user authentication data against the user identification information before issuing
an approval for the transaction.

38. The system of claim 35, wherein the confirmation comprises an
electronically generated message encrypted by an electronic key.

39. The system of claim 35, wherein the decrypted message is
generated using an electronic key stored in the first terminal.

40. The system of claim 35, wherein the decrypted message is
generated using an electronic key stored in the second terminal.

41. The system of claim 39 or claim 40, wherein the electronic key is
password-protected.

42. A network-based system for approving a transaction, comprising:

a processing center for receiving user identification information from a
seller, said center including a database for retrieving a communication network
address associated with the user identification information for receiving a
confirmation;

a first terminal associated with said communication network address for
transmitting user authentication data to the processing center in response to
receipt of the confirmation at the communication network address; and

a second terminal operable by a user for sending user identification
information to the seller.

43. The system of claim 42, wherein the user identification comprises a
user code comprising an alphanumeric string.

44. The system of claim 43, wherein the user code is associated with
commercial user information stored in the database.

45. The system of claim 44, wherein the commercial user information
comprises user bank account number.

46. The system of claim 44, wherein the commercial user information
comprises user registration status.

47. The system of claim 42, wherein the transaction comprises a
face-to-face transaction between the seller and the user.

48. The system of claim 42, wherein the transaction comprises an
electronic transaction.

49. An apparatus for securing a transaction electronically, comprising:

a storage device; and

a processor connected to the storage device,

the storage device storing a program for controlling the processor, and

the processor operative with the program to:

receive user identification information;

retrieve a communication network address associated with the user
identification information;

transmit a confirmation to the communication network address; and

receive user authentication information from the communication network
address.

50. The apparatus of claim 49, in which the processor is further
operative with the program to:

transmit a payment authorization upon verifying that the authentication
information corresponds to the user identification information.

51. The apparatus of claim 49, wherein the processor is located in a
processing center, the processing center hosting a database containing
commercial information of registered users.

52. The apparatus of claim 51, wherein the user identification
information is transmitted from a WAP phone or a mobile phone.

53. The apparatus of claim 51, wherein the user identification
information is transmitted from a personal computer.

54. The apparatus of claim 51, wherein the user authentication
information is transmitted from a pager.

55. The apparatus of claim 49, wherein the confirmation comprises a
dynamically generated mobile key.

56. The apparatus of claim 51, wherein the confirmation comprises a
text message encrypted by a public key associated with a registered user.

57. The apparatus of claim 56, wherein the user authentication
information comprises a decrypted message derived from the encrypted text
message using a private key corresponding to the public key.